Connect Workday (LMS) as a Training Provider
Connect Workday LMS to Sprinto to automatically sync training data and track employee learning compliance.
Sprinto integrates with Workday Learning (LMS) to automatically sync training data such as course completion and user progress. Once connected, Sprinto can track training compliance, trigger campaigns, and map learning records to controls without manual intervention.
This integration uses secure API-based authentication and requires configuration within both Sprinto and Workday.
How it Works
Sprinto connects to Workday using API credentials generated within your Workday account. The integration is powered via a secure authentication flow that requires specific permissions and scopes.
To enable the integration:
You create a credential in Sprinto and initiate the connection.
Sprinto guides you through required permissions and configuration steps.
In Workday, you:
Retrieve your REST API endpoint
Create an Integration System User (ISU)
Assign required domain permissions via a security group
Generate API credentials (Client ID, Client Secret, Refresh Token)
Once configured:
Sprinto fetches user and course data from Workday.
Training completion and progress are continuously synced.
Compliance checks are automatically evaluated.
Required Permissions
To successfully connect Workday (LMS) with Sprinto, you must grant specific read-only permissions to the Integration System User (ISU) via the assigned security group.
Ensure that each permission is configured with the correct access level in Maintain Permissions for Security Group.
Domain Security Policy Permissions
Get Only
Worker Data: Workers
Get Only
Worker Data: Public Worker Reports
Get Only
Worker Data: Current Staffing Information
Get Only
Person Data: Work Email
Get Only
Set Up: Learning Catalog
View Only
Set Up: Learning Catalog
Get Only
Reports: Learning Record
View Only
Reports: Learning Record
Important
Select the exact access type (Get Only or View Only) for each domain
Do not assign broader permissions such as View and Modify or Get and Put
Permissions must be assigned to the Integration System Security Group linked to the ISU
After assigning permissions, you must activate pending security policy changes for them to take effect
Use Cases
Automate training compliance tracking
Automatically track completion of mandatory training programmes
Centralise training data
Consolidate Workday learning data within Sprinto for audits
Reduce manual effort
Eliminate manual uploads of training records
Audit readiness
Provide verifiable training evidence mapped to controls
Continuous monitoring
Ensure ongoing compliance through automated checks
Dashboard Actions
Step 1: Navigate to Trainings
Log in to the Sprinto dashboard.
Navigate to Data Library → Trainings.
Step 2: Add Workday as a Training Provider
Click Add training provider.
In the drawer, locate Workday (LMS).
Click Connect.
Step 3: Create Credential
Select Credential Type as Workday (LMS).
Enter a Credential Name.
Add a description.
Click Create Credential.
This opens the Workday connection flow.
Step 4: Review and Approve Permissions
Review all requested permissions in the Workday pop-up.
Expand each section:
Read users
Read courses
Read course revisions
Read course progressions
Click Continue.
Step 5: Add Workday REST API Endpoint
In your Workday account, use the Search bar at the top and enter View API Clients.
From the results, click on the View API Clients task to open the API Clients page.
On the View API Clients page, locate the field labelled Workday REST API Endpoint.
Copy the endpoint value. The URL will follow this format:
https://{domain}/ccx/api/v1/{tenant}
Return to Sprinto and paste the copied value into the Workday REST API Endpoint field.
Click Continue to proceed.
Step 6: Create Integration System User (ISU)
In your Workday account, use the Search bar at the top and enter Create Integration System User.
From the results, click on the Create Integration System User task.
In the dialog that appears, enter the following details:
Username for the integration user
Password (ensure it meets Workday’s password requirements)
(Optional but recommended) Select Generate Random Password or create a strong password manually and store it securely.
Enable the checkbox Do Not Allow UI Sessions to restrict interactive login for this user.
You can leave the remaining fields (such as session timeout settings) as default unless your organisation requires specific configurations.
Click OK to create the Integration System User.
Step 7: Create Security Group and Assign User
In your Workday account, use the Search bar at the top and enter Create Security Group.
From the results, click on the Create Security Group task.
On the Create Security Group screen:
Locate the dropdown Type of Tenanted Security Group.
Select Integration System Security Group (Unconstrained).
In the Name field, enter the same value as the Integration System User (ISU) username you created earlier.
Click OK to create the security group.
On the next screen (Edit Security Group):
Locate the Integration System Users field.
Add the ISU you created earlier by searching and selecting the username.
(Optional) You can leave other fields such as comments or context type unchanged unless required by your organisation.
Click OK to save and assign the user to the security group.
Step 8: Assign Required Domain Permissions
In Workday, use the Search bar and enter Maintain Permissions for Security Group.
Select the task Maintain Permissions for Security Group from the results.
In the window that opens:
Ensure the Operation is set to Maintain.
In the Source Security Group field, search for and select the security group you created earlier (same name as the ISU).
Click OK to proceed.
You will be redirected to the permissions configuration page. Ensure the tab Domain Security Policy Permissions is selected.
Click the “+” (Add) icon to start adding permissions.
For each required permission, repeat the following steps:
In the View/Modify Access column:
Select the appropriate access type (Get Only or View Only) from the dropdown.
In the Domain Security Policy column:
Use the search field to enter the domain name.
Select the correct domain from the search results.
See the example image given below.
Add the following permissions:
Get Only: Worker Data: Workers
Get Only: Worker Data: Public Worker Reports
Get Only: Worker Data: Current Staffing Information
Get Only: Person Data: Work Email
Get Only: Set Up: Learning Catalog
View Only: Set Up: Learning Catalog
Get Only: Reports: Learning Record
View Only: Reports: Learning Record
Continue adding entries until all required permissions are configured.
Once completed, click OK to save the permissions.
Step 9: Activate Security Changes
In Workday, use the Search bar and enter Activate Pending Security Policy Changes.
Select the task Activate Pending Security Policy Changes from the results.
In the window that appears:
Enter a comment describing the changes (optional but recommended)
Example: Grant ISU required permissions for Sprinto integration
Click OK.
In the confirmation screen:
Review the Current Security Evaluation Moment and Proposed Security Evaluation Moment.
Verify that your recent changes are included.
Select the Confirm checkbox to approve the changes.
Click OK to apply the updates.
Step 10: Create API Client
In Workday, use the Search bar and enter Register API Client for Integrations.
Select the task Register API Client for Integrations from the results.
In the window that appears:
Enter a Client Name.
Example: Sprinto API Client (or any identifiable name).
Enable Non-Expiring Refresh Tokens
In the Scope (Functional Areas) field:
Add the required scopes for LMS integrations:
Tenant Non-Configurable
Staffing
Contact Information
Learning Core
Click OK to create the API client.
Retrieve Client Credentials
After creation, a details page will appear:
Copy and securely store:
Client ID
Client Secret
These values will be required when completing the integration in Sprinto.
Generate Refresh Token
On the same page:
Click the three-dot menu (⋯) at the top.
Navigate to API Client → Manage Refresh Tokens for Integrations.
In the dialog, select the Workday Account (enter the ISU created earlier)
Click OK.
In the next screen, select Generate New Refresh Token.
Click OK.
Once the token is generated:
Copy the Refresh Token.
Store it securely for later use in Sprinto.
Important
The refresh token is required to complete authentication with Sprinto.
Ensure you copy all credentials (Client ID, Client Secret, Refresh Token) before exiting the screen.
Step 11: Complete Integration in Sprinto
Enter:
Client ID
Client Secret
Refresh Token
Click Set up integration.
Once successful, Sprinto begins syncing Workday training data.
Summary
By integrating Workday LMS with Sprinto, you enable automated syncing of training data, allowing continuous monitoring of employee learning and compliance. This removes manual effort and ensures audit readiness with real-time evidence collection.
Last updated